PageRenderTime 68ms CodeModel.GetById 26ms RepoModel.GetById 0ms app.codeStats 1ms

/V1/AutoXssAnalyzer/XAUserInterface.cs

#
C# | 312 lines | 253 code | 47 blank | 12 comment | 45 complexity | 1dd53e055d616fd87590a243b7c78e72 MD5 | raw file
Possible License(s): BSD-3-Clause
  1. using System;
  2. using System.Collections.Generic;
  3. using System.ComponentModel;
  4. using System.Drawing;
  5. using System.Data;
  6. using System.Text;
  7. using System.Windows.Forms;
  8. using Fiddler;
  9. using Casaba;
  10. public partial class XAUserInterface : UserControl {
  11. //Delegate's to handle updating the DataGridView due to the "Creation thread" constraints.
  12. public delegate void AddRow(List<ResponseResult> matches);
  13. public AddRow ar;
  14. public delegate void SetColumnAutoSort();
  15. public SetColumnAutoSort scas;
  16. //Instance variables..
  17. SortableBindingList<ResponseResult> matches;
  18. public XAUserInterface(XssAnalyzerEngine xa) {
  19. InitializeComponent();
  20. this.matches = new SortableBindingList<ResponseResult>();
  21. this.xa = xa;
  22. SetState();
  23. //Adding the default canary...
  24. string canary = XssUtilities.UnescapeUnicodeCodePoints("\uFF21\uFF22\uFF23\uFF11\uFF12\uFF13");
  25. xa.Settings.canary = canary;
  26. this.tbCanary.Text = xa.Settings.canary;
  27. this.tbCanary.Enabled = false;
  28. this.lbDomainFilters.DataSource = xa.Settings.domainFilters;
  29. this.dataGridView1.DataSource = this.matches;
  30. //Delegate method to ensure when adding data to the datasource it origanates from the creating thread.
  31. ar = new AddRow(AddRowMethod);
  32. this.dataGridView1.Columns[1].Width = this.dataGridView1.Width - this.dataGridView1.Columns[0].Width - this.dataGridView1.RowHeadersWidth - 2;
  33. //Set columns to sortable
  34. this.scas = new SetColumnAutoSort(setColumnAutoSort);
  35. this.Dock = DockStyle.Fill;
  36. //Pre populate Special Chars..
  37. this.xa.Settings.specialChars = XssUtilities.UnescapeUnicodeCodePoints("\uFF1C\uFF1E\uFF02\uFF07\u00AB\u2A74\uFE13\uFE55\uFE64\uFE65");
  38. this.sCharTxtBox.Text = xa.Settings.specialChars;
  39. this.xa.Settings.scc = SpecialCharsContainer.Create(this.xa.Settings.specialChars);
  40. }
  41. public void setColumnAutoSort() {
  42. for (int i = 0; i < this.dataGridView1.Columns.Count; i++) {
  43. this.dataGridView1.Columns[i].SortMode = DataGridViewColumnSortMode.Automatic;
  44. }
  45. }
  46. private void SetState() {
  47. if(this.xa.Settings.Enabled){
  48. this.chkbEnabled.Checked = true;
  49. this.chkbEnabled.Enabled = true;
  50. }
  51. if (this.xa.Settings.checkRequestForCanary) {
  52. this.chkbCheckRequestCanary.Checked = true;
  53. }
  54. if (this.xa.Settings.enabledAutoGen){
  55. this.chkbAutoGenSC.Checked = true;
  56. }
  57. if (this.xa.Settings.injectIntoQueryString) {
  58. this.chkbInjectQueryParam.Checked = true;
  59. }
  60. if (this.xa.Settings.injectIntoPost)
  61. {
  62. this.chkbAutoInjectPost.Checked = true;
  63. }
  64. if (this.xa.Settings.filterRequests) {
  65. this.chkbFilterReq.Checked = true;
  66. }
  67. if (this.xa.Settings.filterResponse) {
  68. this.chkbFilterRes.Checked = true;
  69. }
  70. if (this.xa.Settings.domainFilterEnabled) {
  71. this.chkbEnableDomainFilter.Checked = true;
  72. }
  73. if (this.xa.Settings.urlEncodeQueryStringParams) {
  74. this.chkbEncodeQueryStringParam.Checked = true;
  75. }
  76. this.sCharTxtBox.Text = this.xa.Settings.specialChars;
  77. }
  78. public void ClearMatchListMethod() {
  79. this.matches.Clear();
  80. }
  81. //This delegate method is used to ensure that the Datagridview is updated via the thread that created it.
  82. public void AddRowMethod(List<ResponseResult> matches) {
  83. foreach (ResponseResult m in matches) {
  84. if (!this.matches.Contains(m)) {
  85. this.matches.Add(m);
  86. }
  87. }
  88. }
  89. private void enabledChkBox_CheckedChanged(object sender, EventArgs e) {
  90. if (this.chkbEnabled.Checked) {
  91. this.xa.Settings.Enabled = true;
  92. this.chkbAutoGenSC.Enabled = true;
  93. this.chkbAutoInjectPost.Enabled = true;
  94. this.chkbCheckRequestCanary.Enabled = true;
  95. this.chkbEnableDomainFilter.Enabled = true;
  96. this.chkbInjectQueryParam.Enabled = true;
  97. this.chkbEncodeQueryStringParam.Enabled = true;
  98. } else {
  99. this.xa.Settings.Enabled = false;
  100. this.chkbAutoGenSC.Enabled = false;
  101. this.chkbAutoInjectPost.Enabled = false;
  102. this.chkbCheckRequestCanary.Enabled = false;
  103. this.chkbEnableDomainFilter.Enabled = false;
  104. this.chkbFilterReq.Enabled = false;
  105. this.chkbFilterRes.Enabled = false;
  106. this.chkbInjectQueryParam.Enabled = false;
  107. this.chkbEncodeQueryStringParam.Enabled = false;
  108. }
  109. }
  110. public void refreshBindings(){
  111. BindingManagerBase bmb = this.dataGridView1.BindingContext[this.xa.Matches];
  112. bmb.SuspendBinding();
  113. bmb.ResumeBinding();
  114. }
  115. private void dataGridView1_RowEnter(object sender, DataGridViewCellEventArgs e) {
  116. this.richTextBox1.Text = "Can't jump to location..";
  117. ResponseResult res = matches[e.RowIndex];
  118. Fiddler.Session[] sessions = Fiddler.FiddlerApplication.UI.GetAllSessions();
  119. Fiddler.Session targetSession = null;
  120. int tSessionIndex = -1;
  121. //Locate the session object and it's index..
  122. for (int i = 0; i < sessions.Length; i++) {
  123. if (sessions[i].id == res.Match.SessionId) {
  124. targetSession = sessions[i];
  125. tSessionIndex = i;
  126. break;
  127. }
  128. }
  129. if (targetSession == null || tSessionIndex == -1) {
  130. //ouch, no jump for this session ;(
  131. return;
  132. }
  133. //Jump to fiddler session in the right box.
  134. FiddlerApplication.UI.lvSessions.SelectedItems.Clear();
  135. FiddlerApplication.UI.lvSessions.Items[tSessionIndex].Focused = true;
  136. FiddlerApplication.UI.lvSessions.Items[tSessionIndex].Selected = true;
  137. //Dump text to textbox and bail.
  138. string headers = targetSession.oResponse.headers.ToString();
  139. string body = Encoding.UTF8.GetString(targetSession.responseBodyBytes);
  140. this.richTextBox1.Text = headers + "\r\n\r\n" + body;
  141. //Lets see if we can jump to the proper place in the RichTextBox to highlihgt the location for quicker inspection.
  142. int offset = 0;
  143. if (res.Match is HeaderMatch) {
  144. HeaderMatch hm = (HeaderMatch)res.Match;
  145. offset = headers.IndexOf(hm.HeaderName) + hm.HeaderName.Length + 2; //+2 to cover the : and space..
  146. offset += res.Match.Offset;
  147. } else if (res.Match is BodyMatch) {
  148. BodyMatch bm = (BodyMatch)res.Match;
  149. offset = headers.Length + 4 + bm.Offset;
  150. }
  151. if (offset - 20 > 0 && offset + 20 < headers.Length + 4 + body.Length) {
  152. this.richTextBox1.Select(offset - 20, 40);
  153. this.richTextBox1.SelectionColor = Color.Red;
  154. this.richTextBox1.ScrollToCaret();
  155. }
  156. }
  157. private void clearBtn_Click(object sender, EventArgs e) {
  158. this.matches.Clear();
  159. this.xa.Matches.Clear();
  160. this.matches = new SortableBindingList<ResponseResult>();
  161. this.dataGridView1.DataSource = this.matches;
  162. this.richTextBox1.Text = "";
  163. }
  164. private void enableSCharChkBox_CheckedChanged(object sender, EventArgs e) {
  165. if (this.chkbAutoGenSC.Checked == true) {
  166. this.xa.Settings.enabledAutoGen = true;
  167. } else {
  168. this.xa.Settings.enabledAutoGen = false;
  169. }
  170. }
  171. private void sCharTxtBox_TextChanged(object sender, EventArgs e) {
  172. this.xa.Settings.specialChars = this.sCharTxtBox.Text;
  173. this.xa.Settings.scc = SpecialCharsContainer.Create(this.xa.Settings.specialChars);
  174. }
  175. private void chkbInjectQueryParam_CheckedChanged(object sender, EventArgs e) {
  176. if (this.chkbInjectQueryParam.Checked) {
  177. this.xa.Settings.injectIntoQueryString = true;
  178. } else {
  179. this.xa.Settings.injectIntoQueryString = false;
  180. }
  181. }
  182. private void btnAddToDomainFilterList_Click(object sender, EventArgs e) {
  183. if (this.tbDomain.Text != "") {
  184. this.xa.Settings.domainFilters.Add(this.tbDomain.Text);
  185. this.tbDomain.Text = "";
  186. BindingManagerBase bmb = this.lbDomainFilters.BindingContext[this.xa.Settings.domainFilters];
  187. bmb.SuspendBinding();
  188. bmb.ResumeBinding();
  189. }
  190. }
  191. private void btnRemoveDomainFilter_Click(object sender, EventArgs e) {
  192. if (this.lbDomainFilters.SelectedIndex >= 0) {
  193. string s = this.xa.Settings.domainFilters[this.lbDomainFilters.SelectedIndex];
  194. this.tbDomain.Text = s;
  195. this.xa.Settings.domainFilters.Remove(s);
  196. BindingManagerBase bmb = this.lbDomainFilters.BindingContext[this.xa.Settings.domainFilters];
  197. bmb.SuspendBinding();
  198. bmb.ResumeBinding();
  199. }
  200. }
  201. private void btnClrDomainList_Click(object sender, EventArgs e) {
  202. this.xa.Settings.domainFilters.Clear();
  203. BindingManagerBase bmb = this.lbDomainFilters.BindingContext[this.xa.Settings.domainFilters];
  204. bmb.SuspendBinding();
  205. bmb.ResumeBinding();
  206. }
  207. private void chkbFilterReq_CheckedChanged(object sender, EventArgs e) {
  208. if (this.chkbFilterReq.Checked) {
  209. this.xa.Settings.filterRequests = true;
  210. } else {
  211. this.xa.Settings.filterRequests = false;
  212. }
  213. }
  214. private void chkbFilterRes_CheckedChanged(object sender, EventArgs e) {
  215. if (this.chkbFilterRes.Checked) {
  216. this.xa.Settings.filterResponse = true;
  217. } else {
  218. this.xa.Settings.filterResponse = false;
  219. }
  220. }
  221. private void chkbEnableDomainFilter_CheckedChanged(object sender, EventArgs e) {
  222. if (this.chkbEnableDomainFilter.Checked) {
  223. this.xa.Settings.domainFilterEnabled = true;
  224. this.chkbFilterReq.Enabled = true;
  225. this.chkbFilterRes.Enabled = true;
  226. } else {
  227. this.xa.Settings.domainFilterEnabled = false;
  228. this.chkbFilterReq.Enabled = false;
  229. this.chkbFilterRes.Enabled = false;
  230. }
  231. }
  232. private void exportBtn_Click(object sender, EventArgs e) {
  233. }
  234. private void chkbEncodeQueryStringParam_CheckedChanged(object sender, EventArgs e) {
  235. if (this.chkbEncodeQueryStringParam.Checked) {
  236. this.xa.Settings.urlEncodeQueryStringParams = true;
  237. } else {
  238. this.xa.Settings.urlEncodeQueryStringParams = false;
  239. }
  240. }
  241. private void clearBtn_Click_1(object sender, EventArgs e) {
  242. this.matches.Clear();
  243. this.xa.Matches.Clear();
  244. this.matches = new SortableBindingList<ResponseResult>();
  245. this.dataGridView1.DataSource = this.matches;
  246. this.richTextBox1.Text = "";
  247. }
  248. private void chkbAutoInjectPost_CheckedChanged(object sender, EventArgs e) {
  249. if (this.chkbAutoInjectPost.Checked) {
  250. this.xa.Settings.injectIntoPost = true;
  251. } else {
  252. this.xa.Settings.injectIntoPost = false;
  253. }
  254. }
  255. private void chkbCheckRequestCanary_CheckedChanged(object sender, EventArgs e) {
  256. if (this.chkbCheckRequestCanary.Checked) {
  257. this.xa.Settings.checkRequestForCanary = true;
  258. } else {
  259. this.xa.Settings.checkRequestForCanary = false;
  260. }
  261. }
  262. private void dataGridView1_CellDoubleClick(object sender, DataGridViewCellEventArgs e) {
  263. FiddlerApplication.UI.actInspectSession();
  264. }
  265. }